Solved: Malware? Cannot run or download Spybot S&D or Malwarebytes

Sam Knives (Junior Member, 29 posts; Join Date: Jan 2009; Experience: Just better than beginner)
28-Aug-2010, 10:11 AM #1
Malware? Cannot run or download Spybot S&D or Malwarebytes
Hello and thanks in advance for any and all help.

My Windows XP laptop had taken to redirecting Google search results to Ask Jeeves results and other ad-heavy pages. I tried to run these four programs: Spybot S&D, Malwarebytes Anti-Malware, Avira Antivirus and SpywareBlaster. The latter two ran but did nothing to help; the first two would not run at all. I tried uninstalling them and reinstalling, but Mozilla refuses to connect to any of the right sites to download these programs. I have no idea what to do, but I do have HijackThis already installed; hopefully this will work if you guys need it. Please help guys, I'm clueless.

Thanks so much in advance.
Sam Knives (Junior Member, 29 posts; Join Date: Jan 2009; Experience: Just better than beginner)
01-Sep-2010, 05:16 PM #2
I just thought I'd bump this, as the problem is still there and I didn't want the thread deleted through inactivity. I'm still being patient; I know you guys are all volunteers. Thanks.
jmw3 (Senior Member, 1,464 posts; Join Date: Jul 2007; Location: Port Hedland Western Australia)
01-Sep-2010, 07:54 PM #3
Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
Sam Knives (Junior Member, 29 posts; Join Date: Jan 2009; Experience: Just better than beginner)
02-Sep-2010, 06:14 PM #4
Hello and thanks for your attention. Please find attached the Attach.txt file, as instructed by the dialogue box that popped up following the completion of DDS.scr, and, included below, the contents of the DDS log.

Unfortunately I had problems with Gmer. About 1-2 minutes after I clicked Scan, the machine rebooted completely. I tried to run Gmer again after the restart, with the same result, only this time it restarted before it could complete the initial scan, prior to me unchecking any boxes. I had disabled any virus protection software updates and, to my knowledge, no other programs were running at the time.

DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by leigh.donnor at 21:48:08.48 on 02/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.68 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\leigh.donnor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer provided by BT Openworld Business 500 P&G
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{E6C97FF2-5120-01E8-524C-811964561CEB}] "c:\documents and settings\leigh.donnor\application data\foaq\atsa.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmaTel StacMon] c:\program files\sigmatel\c-major audio\stacmon.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [DSL Connection Manager] c:\program files\intel\dslsetup\ProDsl.exe
mRun: [adiras] adiras.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nonep] c:\docume~1\leigh~1.don\locals~1\temp\tmp5314fb8d\killexe.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.163.182,93.188.166.182
TCP: {267D7B48-89C1-4D67-9BA6-5E4328B78FAC} = 93.188.163.182,93.188.166.182
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-27 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-27 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-27 60936]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2003-11-25 187136]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2002-10-30 71961]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2006-7-25 63555]
S2 P32LOAD;Intel(R) AnyPoint(R) 3240 USB Modem Firmware Loader;c:\windows\system32\drivers\p31usbld.sys [2004-6-14 18906]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2006-7-25 114616]
S3 G3GCUMDM;G3G C USB Modem;c:\windows\system32\drivers\g3gcumdm.sys [2004-3-10 25856]
S3 G3GCUSER;G3G C USB Serial;c:\windows\system32\drivers\g3gcuser.sys [2004-3-10 22656]
S3 PRO3200P;Intel(R) USB ADSL Modem;c:\windows\system32\drivers\p32d2kp.sys [2002-4-27 530785]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-29 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-29 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-29 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-29 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-29 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-29 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-29 109736]

=============== Created Last 30 ================

2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-01-27 09:16:41 0 -c--a-w- c:\program files\gditst

============= FINISH: 21:50:51.29 ===============
Attachment Blocked
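The DDS "Pseudo HJT Report" above is what the helper reads by eye. As an added example (not part of this thread, and not code from DDS, HijackThis or any tool requested here), the script below parses a handful of lines copied from that report and flags the kinds of entries a malware-removal volunteer looks at first: autorun values whose executable lives in a user-writable profile or temp directory, autorun values named with a bare GUID, DNS resolvers that are public rather than the router's private address, and browser add-on registrations whose file is missing. The rules, severities and the function names `triage`, `extract_exe` and `summarize` are this example's own assumptions; a hit means "review this", not a verdict on any specific entry.

```python
"""Triage a DDS "Pseudo HJT Report" section for entries worth a closer look.

Hypothetical helper written for this thread; it is not part of DDS, HijackThis
or any tool the helper asked for. The rules below are general triage heuristics
(assumptions), not a verdict on any specific entry: every hit still needs a
human analyst to confirm.
"""
import ipaddress
import re

# Constructed sample input: lines copied from the DDS log posted above, plus the
# benign Spybot and Avira autoruns from the same log for contrast.
SAMPLE_LOG = r"""
uStart Page = about:blank
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{E6C97FF2-5120-01E8-524C-811964561CEB}] "c:\documents and settings\leigh.donnor\application data\foaq\atsa.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nonep] c:\docume~1\leigh~1.don\locals~1\temp\tmp5314fb8d\killexe.exe
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TCP: NameServer = 93.188.163.182,93.188.166.182
"""

# uRun / mRun / dRun = per-user / machine / default-user Run keys.
RUN_RE = re.compile(r"^[umd]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
NS_RE = re.compile(r"^TCP:\s+(?:\{[^}]+\}|NameServer)\s*=\s*(?P<servers>[\d.,\s]+)$")
NOFILE_RE = re.compile(r"^(?:BHO|TB|EB):.*-\s+No File$")

# Directory fragments (long and 8.3 short forms) that are writable by the user
# and that legitimate installers rarely use for an autostart executable.
USER_WRITABLE_MARKERS = (
    "\\application data\\", "\\appdata\\", "\\local settings\\",
    "\\locals~1\\", "\\temp\\",
)


def extract_exe(cmd: str) -> str:
    """Return the lower-cased executable path from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    # Unquoted paths may contain spaces; take everything up to the first ".exe".
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return (m.group(1) if m else cmd).lower()


def triage(report: str) -> list[tuple[str, str, str]]:
    """Return (severity, line, reason) for each entry that deserves review."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, exe = m.group("name"), extract_exe(m.group("cmd"))
            if GUID_RE.match(name):
                findings.append(("high", line, "autorun value is named with a GUID instead of a product name"))
            if any(marker in exe for marker in USER_WRITABLE_MARKERS):
                findings.append(("high", line, "autorun launches an executable from a user-writable temp/profile directory"))
            continue
        m = NS_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                server = server.strip()
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    continue
                # A home router hands out a private resolver; a public one must
                # be confirmed against the ISP's published DNS servers.
                if not (ip.is_private or ip.is_loopback):
                    findings.append(("medium", line, f"DNS resolver {server} is a public address; confirm it is the ISP's"))
            continue
        if NOFILE_RE.match(line):
            findings.append(("low", line, "browser add-on registration points at a missing file (orphaned entry)"))
    return findings


def summarize(findings) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, line, reason in results:
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(results))
```

Run it as-is to triage the embedded sample, or pass the full "Pseudo HJT Report" text to `triage()`. The public-resolver rule deliberately only asks for confirmation: some ISPs do configure public resolver addresses, so the check is a prompt to compare against the provider's documented servers, not proof of tampering.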
jmw3 (Senior Member, 1,464 posts; Join Date: Jul 2007; Location: Port Hedland Western Australia)
02-Sep-2010, 08:11 PM #5
Hi

OK, leave Gmer & try this scanner:
Rootkit Unhooker
Download Rootkit Unhooker from Here & save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code, uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it such as your desktop then click Close
  • Copy/paste the entire contents of the report & post it in your next reply
Note - You may get the following warning - it is ok - just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Sam Knives (Junior Member, 29 posts; Join Date: Jan 2009; Experience: Just better than beginner)
03-Sep-2010, 03:31 AM #6
Hello,

Thanks, this worked fine. If it makes any difference, at no point did it ask me for drive selection. The report is pasted below.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3117056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 43.64 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8472000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1187840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 43.64 )
0xF82FA000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF8255000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 675840 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8634000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6E0E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7FF2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6F19000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF198F000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF8187000 C:\WINDOWS\System32\DRIVERS\ExpasAG.sys 327680 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF1B9F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF821F000 C:\WINDOWS\system32\drivers\STAC97.sys 221184 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xF8118000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF87A9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF841C000 C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys 188416 bytes (Conexant Systems, Inc., HSFHWSIS WDM driver)
0xF1CD0000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8607000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6E7E000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6EF1000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8735000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6ECB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6FA5000 C:\WINDOWS\System32\DRIVERS\EXPORTIT.SYS 151552 bytes (Eastman Kodak Company, Kodak DC File System driver)
0xF81FB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF81D7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF83F9000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6EA9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6DEC000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF86FD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF875B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF877A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF85ED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8170000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 94208 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF86D4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8159000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF1F23000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF1828000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF844A000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF845E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6F72000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF86C1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF86EB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF183D000 C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys 73728 bytes (WIBU-SYSTEMS AG, WIBU-KEY Windows NT Kernel Driver)
0xF8798000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8148000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8090000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF88C8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8808000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8898000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF88E8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8A38000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF89B8000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8818000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8858000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF88F8000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8958000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8838000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8978000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8A28000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF88B8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8828000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8968000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF80A0000 C:\WINDOWS\system32\drivers\dcfs2k.sys 40960 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xF87F8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF89A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8868000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF18DF000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF8998000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF89D8000 C:\WINDOWS\System32\DRIVERS\DcCam.sys 36864 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xF8848000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8888000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8988000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF89F8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF019000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF88A8000 C:\WINDOWS\System32\DRIVERS\SonyPI.sys 36864 bytes (Sony Corporation, Sony Programmable I/O Control Device)
0xF89E8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8AD8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8BE0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8A88000 SISAGPX.sys 32768 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8B08000 C:\WINDOWS\System32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xF8B00000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8A78000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8BF8000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8AB8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8B20000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8B30000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8AA8000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xF8AB0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF8BC0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8B10000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xF8BD0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8A80000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8B60000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8B70000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8B50000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8AF8000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF8B80000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C10000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8594000 C:\WINDOWS\System32\Drivers\cdrbsvsd.SYS 16384 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xF8C9C000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8CE0000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF1ED3000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8C90000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8C14000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8C08000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C0C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7FE2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF1BE0000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF8CBC000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8C8C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8D40000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8D32000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8CFC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8D2C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8CF8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8D8E000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xF8D36000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8D08000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8D3A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8D1C000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8D28000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8CFA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8EB2000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8F12000 C:\WINDOWS\System32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xF8DED000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8EEA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8DC1000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8DC0000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x83007AF1 ?_empty_? 1295 bytes
0x83007ECC unknown_irp_handler 308 bytes
!!!!!!!!!!!Hidden driver: 0x830BCA38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF871D000 WARNING: suspicious driver modification [atapi.sys::0x83007AF1]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [GCXX.sys]
WARNING: Virus alike driver modification [GTEDG.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [e4usbaw.sys]
WARNING: Virus alike driver modification [VMCUSB.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [adiusbaw.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [Dot4Prt.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
0xF6DEC000 WARNING: Virus alike driver modification [avipbb.sys], 139264 bytes
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [g3grsc.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [PELMOUSE.SYS]
WARNING: Virus alike driver modification [Wibukey2.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [WCMscXP.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [GCXXSC.sys]
WARNING: Virus alike driver modification [GTEDGSC.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [g3gcuser.sys]
WARNING: Virus alike driver modification [g3gruser.sys]
WARNING: Virus alike driver modification [Dot4usb.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [mrv8k50.sys]
WARNING: Virus alike driver modification [g3gcumdm.sys]
WARNING: Virus alike driver modification [mrv8k51.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [g3grumdm.sys]
WARNING: Virus alike driver modification [bcmwl5.sys]
WARNING: Virus alike driver modification [gtwl5.sys]
WARNING: Virus alike driver modification [NWWMUSB.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [SISAGPX.SYS]
WARNING: Virus alike driver modification [wceusbsh.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [NETMD031.sys]
WARNING: Virus alike driver modification [NETMD033.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [sonyhcc.sys]
WARNING: Virus alike driver modification [NETMDUSB.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [g3gcpm.sys]
WARNING: Virus alike driver modification [g3grpm.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [adildr.sys]
WARNING: Virus alike driver modification [hpzid412.sys]
WARNING: Virus alike driver modification [uart0.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [GCXXnet.sys]
WARNING: Virus alike driver modification [GTEDGNet.sys]
WARNING: Virus alike driver modification [p32d2kp.sys]
WARNING: Virus alike driver modification [alcawh.sys]
WARNING: Virus alike driver modification [alcan5wn.sys]
WARNING: Virus alike driver modification [WCMVmdXP.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [DcFpoint.sys]
WARNING: Virus alike driver modification [odysseyIM3.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [DcPtp.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [WCMBusXP.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [alcaudsl.sys]
WARNING: Virus alike driver modification [PELUSBlf.SYS]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [DcLps.sys]
WARNING: Virus alike driver modification [acgprsxp.sys]
WARNING: Virus alike driver modification [Dot4Scan.sys]
WARNING: Virus alike driver modification [cfvn4c51.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [WCMLibXP.sys]
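The part of the RKU log above that a responder actually reads is the loaded-image listing (base address and size of every driver) together with the Stealth section, which says the dispatch of atapi.sys now points at 0x83007AF1 while the two hidden-driver entries sit at addresses in the same 0x83xxxxxx range. The check that turns those lines into a verdict is whether a flagged address lies inside any legitimately loaded image. The script below is an added example, not part of the original post and not RKU's own code: it parses the listing format shown above and performs that range check. The sample log is a constructed subset of the lines above, with addresses and sizes copied verbatim. Note also that most of the "Virus alike driver modification" warnings name drivers (wadv08nt.sys, ati1mdxx.sys and the like) that do not appear in the loaded-image list at all, so that heuristic is noise here; the atapi.sys hook and the hidden entries are the signal.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the RkUnhooker (RKU) listing and "Stealth"
# section posted above; addresses and sizes are copied from that log.
SAMPLE_RKU_LOG = r"""
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6DEC000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8DC0000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x83007AF1 ?_empty_? 1295 bytes
0x83007ECC unknown_irp_handler 308 bytes
!!!!!!!!!!!Hidden driver: 0x830BCA38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF871D000 WARNING: suspicious driver modification [atapi.sys::0x83007AF1]
WARNING: Virus alike driver modification [avipbb.sys]
"""

MODULE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes")
HIDDEN_RE = re.compile(r"Hidden driver:\s+(0x[0-9A-Fa-f]+)\s+\S+\s+(\d+) bytes")
HOOK_RE = re.compile(r"suspicious driver modification \[([^:\]]+)::(0x[0-9A-Fa-f]+)\]")


@dataclass(frozen=True)
class Module:
    name: str   # basename in lower case, e.g. "atapi.sys"
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Hook:
    driver: str   # image RKU says was modified
    target: int   # address its dispatch now points at


@dataclass(frozen=True)
class HiddenDriver:
    addr: int
    size: int


def parse_rku(text: str) -> Tuple[List[Module], List[HiddenDriver], List[Hook]]:
    """Split an RKU listing into loaded images, hidden-driver entries and
    the (driver, target) pairs reported in the Stealth section."""
    modules: List[Module] = []
    hidden: List[HiddenDriver] = []
    hooks: List[Hook] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := HOOK_RE.search(line)):
            hooks.append(Hook(m.group(1).lower(), int(m.group(2), 16)))
        elif (m := HIDDEN_RE.search(line)):
            hidden.append(HiddenDriver(int(m.group(1), 16), int(m.group(2))))
        elif (m := MODULE_RE.match(line)):
            # Some lines carry a full path, some only a file name; keep the basename.
            name = m.group(2).replace("\\", "/").rsplit("/", 1)[-1].lower()
            modules.append(Module(name, int(m.group(1), 16), int(m.group(3))))
    return modules, hidden, hooks


def find_owner(modules: List[Module], addr: int) -> Optional[Module]:
    """Return the listed image whose [base, base+size) range holds addr, else None."""
    for mod in modules:
        if mod.contains(addr):
            return mod
    return None


def triage(text: str) -> List[Dict[str, object]]:
    """One record per hook target and hidden entry, naming the listed image that
    owns the address (or None). A dispatch target that no loaded image owns means
    the driver object's entry point was redirected into memory the rootkit
    allocated, which is what the atapi.sys line in the log above shows."""
    modules, hidden, hooks = parse_rku(text)
    findings: List[Dict[str, object]] = []
    for h in hooks:
        owner = find_owner(modules, h.target)
        findings.append({
            "kind": "hook", "driver": h.driver, "target": h.target,
            "owner": owner.name if owner else None,
            "inside_own_image": owner is not None and owner.name == h.driver,
        })
    for hd in hidden:
        owner = find_owner(modules, hd.addr)
        findings.append({"kind": "hidden", "addr": hd.addr, "size": hd.size,
                         "owner": owner.name if owner else None})
    return findings
```

Run against the sample, the hook record for atapi.sys has no owner: 0x83007AF1 is outside atapi.sys (0xF871D000 to 0xF8735000) and outside every other listed image, and both hidden entries are likewise unowned. The parser deliberately keeps both ACPI_HAL and hal.dll, which share a base address, because that is one image under two names and not an anomaly; keying modules on base address would silently drop one of them.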
jmw3's Avatar
Computer Specs
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
03-Sep-2010, 04:11 AM #7
Hi

TDSSKiller
Download TDSSKiller.zip & save it on your desktop.
  • Extract (unzip) its contents to your Desktop
  • Double-click the TDSSKiller Folder on your desktop
  • Important!: Run this fix once and once only
  • Double click TDSSKiller.exe then click Start scan
  • A box will appear saying System scan completed
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 03.09.2010
  • To find the log click Start > Computer > C:
  • Please post the contents of that log in your next reply
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
TDSSKiller log
ComboFix log
Update on how the computer is running
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
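The log TDSSKiller writes (the format appears in full in the next post) has one line per driver service carrying its md5 and path, and adds a "Suspicious file (Forged)" line whenever the hash of the bytes it reads straight from disk differs from the hash of what the file system returns for the same file. TDL3 produces exactly that split: it overwrites part of a legitimate driver on disk and hides the change by serving the original bytes through the normal read path, so the "Real" hash is the infected image and the "Fake" hash is what every other tool on the machine sees. The script below is an added example, not part of this post and not the tool's own code: it parses the three line types and produces one triage record per forged file. The sample log is constructed in that format from the avipbb.sys lines posted later in this thread, and REFERENCE_HASHES is a hypothetical known-good set (assumed to have been taken from a clean install of the same Avira build) included to show the cross-check a responder would run before trusting either hash.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format TDSSKiller 2.4 writes; hashes and paths
# are those from the log posted in this thread.
SAMPLE_TDSSKILLER_LOG = r"""
2010/09/03 18:59:01.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/03 18:59:01.0718 avipbb (0b92815b312992ea2f3a910545a6c494) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/03 18:59:01.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avipbb.sys. Real md5: 0b92815b312992ea2f3a910545a6c494, Fake md5: 1289e9a5d9118a25a13c0009519088e3
2010/09/03 18:59:01.0734 avipbb - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/03 18:59:01.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
"""

# Hypothetical known-good hashes (assumption: collected from a clean install of
# the same driver build). Used only to show the cross-check, not a vendor value.
REFERENCE_HASHES: Dict[str, str] = {"avipbb.sys": "1289e9a5d9118a25a13c0009519088e3"}

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
ENTRY_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+)")


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Dict[str, str]], List[Dict[str, str]], Dict[str, str]]:
    """Return (service -> {md5, path}, forged-file records, service -> verdict)."""
    entries: Dict[str, Dict[str, str]] = {}
    forged: List[Dict[str, str]] = []
    detections: Dict[str, str] = {}
    for line in text.splitlines():
        if (m := FORGED_RE.match(line)):
            forged.append({"path": m.group(1), "real": m.group(2), "fake": m.group(3)})
        elif (m := DETECT_RE.match(line)):
            detections[m.group(1)] = m.group(2)
        elif (m := ENTRY_RE.match(line)):
            entries[m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
    return entries, forged, detections


def triage(text: str, reference_hashes: Optional[Dict[str, str]] = None) -> List[Dict[str, object]]:
    """One finding per forged file: the owning service, whether the listing's md5
    agrees with the on-disk ("Real") hash, the verdict TDSSKiller attached, and,
    when a reference set is supplied, which of the two hashes the reference matches.
    A reference that matches the "Fake" hash is the TDL3 picture: the file system
    hands back the clean image while the bytes on disk are something else."""
    entries, forged, detections = parse_tdsskiller(text)
    by_path = {v["path"].lower(): name for name, v in entries.items()}
    findings: List[Dict[str, object]] = []
    for f in forged:
        svc = by_path.get(f["path"].lower())
        listed_md5 = entries[svc]["md5"] if svc else None
        fname = f["path"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        ref = (reference_hashes or {}).get(fname)
        if ref is None:
            ref_match = None
        elif ref == f["fake"]:
            ref_match = "fake"
        elif ref == f["real"]:
            ref_match = "real"
        else:
            ref_match = "neither"
        findings.append({
            "service": svc, "file": fname,
            "real_md5": f["real"], "fake_md5": f["fake"],
            "listing_matches_real": listed_md5 == f["real"],
            "verdict": detections.get(svc) if svc else None,
            "reference_matches": ref_match,
        })
    return findings
```

On the sample, the one finding is for avipbb.sys: the per-service listing carries the "Real" hash (so the listing is a hash of the infected bytes, not of what Explorer shows), the verdict is Rootkit.Win32.TDSS.tdl3, and the hypothetical reference matches the "Fake" hash. That last result is the one to act on: if a trusted reference matched the "Real" hash instead, the forged flag would more likely be a filter-driver false positive than an infection.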
Sam Knives's Avatar
Junior Member with 29 posts.
 
Join Date: Jan 2009
Experience: Just better than beginner
03-Sep-2010, 03:13 PM #8
Hello,

TDSSKiller seemed to run fine, although no reboot option was offered at the point of curing the malicious entry it found; the log is below. ComboFix will not run, however. I downloaded it to my desktop as instructed and allowed the program to run when prompted after double-clicking it, but nothing happens. Can anything be done?

2010/09/03 18:58:35.0046 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/03 18:58:35.0046 ================================================================================
2010/09/03 18:58:35.0046 SystemInfo:
2010/09/03 18:58:35.0046
2010/09/03 18:58:35.0046 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/03 18:58:35.0046 Product type: Workstation
2010/09/03 18:58:35.0046 ComputerName: LAPTOP
2010/09/03 18:58:35.0046 UserName: leigh.donnor
2010/09/03 18:58:35.0046 Windows directory: C:\WINDOWS
2010/09/03 18:58:35.0046 System windows directory: C:\WINDOWS
2010/09/03 18:58:35.0046 Processor architecture: Intel x86
2010/09/03 18:58:35.0046 Number of processors: 1
2010/09/03 18:58:35.0046 Page size: 0x1000
2010/09/03 18:58:35.0046 Boot type: Normal boot
2010/09/03 18:58:35.0046 ================================================================================
2010/09/03 18:58:35.0578 Initialize success
2010/09/03 18:58:58.0578 ================================================================================
2010/09/03 18:58:58.0578 Scan started
2010/09/03 18:58:58.0578 Mode: Manual;
2010/09/03 18:58:58.0578 ================================================================================
2010/09/03 18:59:00.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/03 18:59:00.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/03 18:59:00.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/03 18:59:00.0562 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/03 18:59:00.0718 alcan5wn (235ced68762538aae388cca5cdc0441a) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2010/09/03 18:59:00.0812 alcaudsl (d6652432d103b4228ffad7a754a374b5) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2010/09/03 18:59:01.0078 ApfiltrService (42860ba463d5c9c58a91d1ad208169a9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/09/03 18:59:01.0156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/03 18:59:01.0312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/03 18:59:01.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/03 18:59:01.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/03 18:59:01.0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/03 18:59:01.0593 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/09/03 18:59:01.0671 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/09/03 18:59:01.0718 avipbb (0b92815b312992ea2f3a910545a6c494) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/03 18:59:01.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avipbb.sys. Real md5: 0b92815b312992ea2f3a910545a6c494, Fake md5: 1289e9a5d9118a25a13c0009519088e3
2010/09/03 18:59:01.0734 avipbb - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/03 18:59:01.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/03 18:59:01.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/03 18:59:01.0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/03 18:59:02.0125 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/03 18:59:02.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/03 18:59:02.0453 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2010/09/03 18:59:02.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/03 18:59:02.0609 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/03 18:59:02.0687 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/03 18:59:02.0859 DcCam (6f9ea0f7edd83a67b52482df721a5fa4) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/09/03 18:59:02.0953 DcFpoint (cbb5f72a33fa4013acd8e9a2382e898b) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/09/03 18:59:03.0015 DCFS2K (8214bfcbcf2ed5751b1db9288dae88ca) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/09/03 18:59:03.0109 DcLps (b4b9ed249a335aba7afd7dd71917be69) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/09/03 18:59:03.0171 DcPTP (4ec04b31ac8870e9cb1c5379c54ee49d) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/09/03 18:59:03.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/03 18:59:03.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/03 18:59:03.0484 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2010/09/03 18:59:03.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/03 18:59:03.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/03 18:59:03.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/03 18:59:03.0781 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/09/03 18:59:03.0890 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/09/03 18:59:03.0937 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/09/03 18:59:03.0984 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/09/03 18:59:04.0078 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/03 18:59:04.0171 e4usbaw (3e1971e0f64fcf2fbe05ce4ab0132963) C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
2010/09/03 18:59:04.0296 Exportit (6ee877616dcbd14fe34807bcd4418289) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/09/03 18:59:04.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/03 18:59:04.0406 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/03 18:59:04.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/03 18:59:04.0546 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/03 18:59:04.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/03 18:59:04.0750 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/03 18:59:04.0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/03 18:59:04.0875 G3GCUMDM (0dbcbfaa463d8f53c77d8aa9e1195ed5) C:\WINDOWS\system32\DRIVERS\g3gcumdm.sys
2010/09/03 18:59:04.0921 G3GCUSER (7ce9bc95d033ec35b6c51af64c36d98c) C:\WINDOWS\system32\DRIVERS\g3gcuser.sys
2010/09/03 18:59:05.0000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/03 18:59:05.0046 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/03 18:59:05.0140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/03 18:59:05.0281 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/03 18:59:05.0343 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/03 18:59:05.0468 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/03 18:59:05.0531 HSFHWSIS (382b4b21a04c63b85f64656fd42bdf12) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
2010/09/03 18:59:05.0609 HSF_DP (7129d0662665b2442898a0ef8fc85bb5) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/09/03 18:59:05.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/03 18:59:05.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/03 18:59:05.0953 IKANLOADER2 (1a03a7b28d12239a573dc20422c3068d) C:\WINDOWS\system32\Drivers\e4ldr.sys
2010/09/03 18:59:06.0062 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/03 18:59:06.0187 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/03 18:59:06.0234 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/03 18:59:06.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/03 18:59:06.0343 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/03 18:59:06.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/03 18:59:06.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/03 18:59:06.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/03 18:59:06.0609 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/03 18:59:06.0656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/03 18:59:06.0718 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/03 18:59:06.0843 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/03 18:59:06.0953 LEX_AS_NIC_SERVICE_YNOS (dc531494babc08af9f1ed84735ffdd52) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
2010/09/03 18:59:07.0046 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/09/03 18:59:07.0140 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/09/03 18:59:07.0265 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/09/03 18:59:07.0328 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/09/03 18:59:07.0375 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/03 18:59:07.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/03 18:59:07.0562 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/03 18:59:07.0609 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/03 18:59:07.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/03 18:59:07.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/03 18:59:07.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/03 18:59:07.0890 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/03 18:59:08.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/03 18:59:08.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/03 18:59:08.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/03 18:59:08.0218 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/03 18:59:08.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/03 18:59:08.0343 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/03 18:59:08.0375 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/03 18:59:08.0437 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/03 18:59:08.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/03 18:59:08.0531 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/03 18:59:08.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/03 18:59:08.0625 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/03 18:59:08.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/03 18:59:08.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/03 18:59:08.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/03 18:59:08.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/03 18:59:08.0968 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/03 18:59:09.0078 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/03 18:59:09.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/03 18:59:09.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/03 18:59:09.0421 nv (396463d3a74da0d5d1d8fdaefefc3b89) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/03 18:59:09.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/03 18:59:09.0562 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/03 18:59:09.0656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/03 18:59:09.0781 P32LOAD (9fe8344d4a57d282db7b6a7824ae2ae5) C:\WINDOWS\system32\DRIVERS\p31usbld.sys
2010/09/03 18:59:09.0843 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/03 18:59:09.0921 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/03 18:59:10.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/03 18:59:10.0046 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/03 18:59:10.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/03 18:59:10.0187 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/03 18:59:10.0359 pepifilter (4349c7dc0c982cffc11946fff20f8524) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2010/09/03 18:59:10.0656 PID_PEPI (4fc23dae30ef4f6a2952cd93104909e7) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2010/09/03 18:59:10.0890 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/03 18:59:10.0984 PRO3200P (01cf831f7abf712a6dbdffc065156d43) C:\WINDOWS\system32\DRIVERS\p32d2kP.sys
2010/09/03 18:59:11.0046 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/03 18:59:11.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/03 18:59:11.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/03 18:59:11.0234 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/09/03 18:59:11.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/03 18:59:11.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/03 18:59:11.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/03 18:59:11.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/03 18:59:11.0765 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/03 18:59:11.0843 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/03 18:59:11.0921 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/03 18:59:11.0968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/03 18:59:12.0031 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/03 18:59:12.0140 s1018bus (a4925151f1372a45dd491da2a43c27b8) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
2010/09/03 18:59:12.0500 s1018mdfl (dd17284beb4301aabc6181fd2c78907f) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
2010/09/03 18:59:12.0656 s1018mdm (aee74bfe0903c672c2968dfe22df09b8) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
2010/09/03 18:59:12.0703 s1018mgmt (fe8f006bb157f1f1b6627c39b640f62d) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
2010/09/03 18:59:12.0750 s1018nd5 (bc12a5da59d947fc564a72ef6021aaec) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
2010/09/03 18:59:12.0796 s1018obex (80f0597a1ceb93aaf5db779068dd702c) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
2010/09/03 18:59:12.0843 s1018unic (2ba5f7a26fcb975574b0142b5052685e) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
2010/09/03 18:59:12.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/03 18:59:13.0031 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/03 18:59:13.0078 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/03 18:59:13.0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/03 18:59:13.0328 SISAGP (8dfbc5aa688caa1b7eebc704250fc06e) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/09/03 18:59:13.0406 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2010/09/03 18:59:13.0453 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/03 18:59:13.0500 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2010/09/03 18:59:13.0578 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2010/09/03 18:59:13.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/03 18:59:13.0671 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/03 18:59:13.0765 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/03 18:59:13.0843 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/03 18:59:13.0906 STAC97 (2d138621d3522d38032d45c896c5209a) C:\WINDOWS\system32\drivers\STAC97.sys
2010/09/03 18:59:14.0046 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/03 18:59:14.0093 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/03 18:59:14.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/03 18:59:14.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/03 18:59:14.0453 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/03 18:59:14.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/03 18:59:14.0531 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/03 18:59:14.0593 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/03 18:59:14.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/03 18:59:14.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/03 18:59:14.0984 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/03 18:59:15.0062 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/03 18:59:15.0125 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/03 18:59:15.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/03 18:59:15.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/03 18:59:15.0328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/03 18:59:15.0375 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/03 18:59:15.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/03 18:59:15.0484 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/03 18:59:15.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/03 18:59:15.0703 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/03 18:59:15.0781 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/03 18:59:15.0859 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/09/03 18:59:15.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/03 18:59:16.0046 WIBUKEY (48dfa8ea849c83fd307e83573704bab2) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
2010/09/03 18:59:16.0125 winachsf (292b0bba146793a7937d9849bddb4298) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/03 18:59:16.0296 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/03 18:59:16.0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/03 18:59:16.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/03 18:59:16.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/03 18:59:16.0718 ================================================================================
2010/09/03 18:59:16.0718 Scan finished
2010/09/03 18:59:16.0718 ================================================================================
2010/09/03 18:59:16.0750 Detected object count: 1
2010/09/03 18:59:55.0312 avipbb (0b92815b312992ea2f3a910545a6c494) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/03 18:59:55.0312 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avipbb.sys. Real md5: 0b92815b312992ea2f3a910545a6c494, Fake md5: 1289e9a5d9118a25a13c0009519088e3
2010/09/03 18:59:55.0812 Backup copy found, using it..
2010/09/03 18:59:55.0890 C:\WINDOWS\system32\DRIVERS\avipbb.sys - processing error
2010/09/03 18:59:55.0890 Rootkit.Win32.TDSS.tdl3(avipbb) - User select action: Cure
2010/09/03 19:01:14.0031 Deinitialize success
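The TDSSKiller output above ends with a single detection: the same driver path yields two different MD5s depending on how it is read, and that disagreement is what the tool reports as a forged file. As an added example that is not part of this thread or of TDSSKiller itself, the Python below parses a short, constructed excerpt in the same line format (driver names, paths and hashes copied from the posted log) and, for each Forged line, pulls out the matching inventory entry, both hashes and the verdict line, then checks that the object count the tool reports agrees with what was parsed. The line formats are inferred from this one log, so the regular expressions are an assumption, as is the field naming.

```python
"""Parse a TDSSKiller log excerpt and correlate its Forged-file detections."""
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log in this thread. The
# driver names, paths and MD5s are copied from the posted log; the excerpt is
# trimmed to a handful of lines so the example runs stand-alone.
SAMPLE_LOG = """\
2010/09/03 18:59:16.0046 WIBUKEY (48dfa8ea849c83fd307e83573704bab2) C:\\WINDOWS\\system32\\DRIVERS\\WibuKey.sys
2010/09/03 18:59:16.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys
2010/09/03 18:59:16.0718 Scan finished
2010/09/03 18:59:16.0750 Detected object count: 1
2010/09/03 18:59:55.0312 avipbb (0b92815b312992ea2f3a910545a6c494) C:\\WINDOWS\\system32\\DRIVERS\\avipbb.sys
2010/09/03 18:59:55.0312 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\avipbb.sys. Real md5: 0b92815b312992ea2f3a910545a6c494, Fake md5: 1289e9a5d9118a25a13c0009519088e3
2010/09/03 18:59:55.0890 Rootkit.Win32.TDSS.tdl3(avipbb) - User select action: Cure
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
MD5 = r"[0-9a-fA-F]{32}"

# Inventory line (assumed format): "<timestamp> <service> (<md5>) <path>"
INVENTORY_RE = re.compile(rf"^{TS} (?P<service>\S+) \((?P<md5>{MD5})\) (?P<path>.+?)\s*$")
# Detection line: two hashes for one path, obtained through two different read paths.
FORGED_RE = re.compile(
    rf"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})"
)
# Verdict line: "<detection name>(<service>) - User select action: <action>"
VERDICT_RE = re.compile(r"(?P<name>[\w.]+)\((?P<service>[^)]+)\) - User select action: (?P<action>\w+)")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)")


def parse_log(text: str) -> Dict:
    """Split the log into driver inventory, Forged detections and verdicts."""
    drivers: Dict[str, Dict[str, str]] = {}   # keyed by lower-cased path
    forged: List[Dict[str, str]] = []
    verdicts: Dict[str, Dict[str, str]] = {}  # keyed by service name
    detected_count: Optional[int] = None
    for line in text.splitlines():
        m = INVENTORY_RE.match(line)
        if m:
            drivers[m["path"].lower()] = {"service": m["service"], "md5": m["md5"].lower(), "path": m["path"]}
            continue
        m = FORGED_RE.search(line)
        if m:
            forged.append({"path": m["path"], "real": m["real"].lower(), "fake": m["fake"].lower()})
            continue
        m = VERDICT_RE.search(line)
        if m:
            verdicts[m["service"]] = {"name": m["name"], "action": m["action"]}
            continue
        m = COUNT_RE.search(line)
        if m:
            detected_count = int(m["n"])
    return {"drivers": drivers, "forged": forged, "verdicts": verdicts, "detected_count": detected_count}


def analyze(text: str) -> Dict:
    """Join each Forged line to its inventory entry and verdict; sanity-check the count."""
    parsed = parse_log(text)
    findings: List[Dict] = []
    for f in parsed["forged"]:
        entry = parsed["drivers"].get(f["path"].lower(), {})
        service = entry.get("service")
        verdict = parsed["verdicts"].get(service, {}) if service else {}
        findings.append({
            "path": f["path"],
            "service": service,
            "real_md5": f["real"],
            "fake_md5": f["fake"],
            "hashes_differ": f["real"] != f["fake"],          # the actual detection signal
            "listed_matches_real": entry.get("md5") == f["real"],  # inventory hash agrees with "Real"
            "name": verdict.get("name"),
            "action": verdict.get("action"),
        })
    # A count that disagrees with the number of Forged lines means the excerpt is incomplete
    # or the format assumption above is wrong; either way, do not trust the summary.
    count_consistent = parsed["detected_count"] == len(findings)
    return {"findings": findings, "count_consistent": count_consistent}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['service']}: {f['path']} real={f['real_md5']} fake={f['fake_md5']} "
              f"-> {f['name']} ({f['action']})")
    print("count consistent:", result["count_consistent"])
```

Run the same function over the log of a rescan after the cure: an empty findings list and a detected count of 0 are what you want before trusting the driver inventory again. The posted log also records a "processing error" on the file and that a backup copy was used, so the rescan, not the Cure line alone, is the real confirmation.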
jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
03-Sep-2010, 07:56 PM #9
Hi

Try booting your computer into Safe Mode & running ComboFix from there. If ComboFix needs to restart the computer make sure you boot back to Safe Mode to allow it to finish.
Once it has finished & produced its log, then boot back to Normal Mode.
Sam Knives
Junior Member with 29 posts.
Join Date: Jan 2009
Experience: Just better than beginner
04-Sep-2010, 05:39 AM #10
Hello,

I booted to safe mode and ran ComboFix (log below). ComboFix detected that AntiVir was still running even though I had disabled it. Also, when ComboFix tried to download the MS Windows Recovery Panel it could not connect to the internet to download it (because it was in safe mode?).

The PC still has problems with dialog boxes about IE script errors appearing just after startup (I don't use IE) and with some browser redirects, i.e. I google 'Taylor Swift' and am redirected when I click the link for taylorswfit.com, but can visit the Wikipedia entry easily with no redirect.

ComboFix 10-09-02.04 - leigh.donnor 04/09/2010 9:00.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.353 [GMT 1:00]
Running from: c:\documents and settings\leigh.donnor\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\leigh.donnor\Application Data\alot
c:\documents and settings\leigh.donnor\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_12\Button_12.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_12\Button_12.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\configurator\configurator.xml
c:\documents and settings\leigh.donnor\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\leigh.donnor\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\leigh.donnor\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\products\products.xml
c:\documents and settings\leigh.donnor\Application Data\alot\products\products.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_10\images\4680_icon.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_11\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_11\images\default_1007_alot_weather_widget.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_12\images\default_2254_email.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_12\images\default_2254_email.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_12\images\icon_configure.JPG
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_3\images\4678_icon.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_play games.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_play games.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_play games.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_play games.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_8\images\3562_icon.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_8\images\3562_icon.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Button_9\images\4675_icon.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\leigh.donnor\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\leigh.donnor\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\toolbar.xml
c:\documents and settings\leigh.donnor\Application Data\alot\toolbar.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\leigh.donnor\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\leigh.donnor\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Updater\Updater.xml
c:\documents and settings\leigh.donnor\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\leigh.donnor\Application Data\Foaq
c:\documents and settings\leigh.donnor\Application Data\Foaq\atsa.exe
c:\documents and settings\leigh.donnor\Application Data\PriceGong
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\1.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\a.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\b.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\c.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\d.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\e.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\f.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\g.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\h.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\i.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\J.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\k.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\l.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\m.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\n.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\o.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\p.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\q.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\r.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\s.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\t.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\u.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\v.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\w.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\x.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\y.xml
c:\documents and settings\leigh.donnor\Application Data\PriceGong\Data\z.xml
c:\windows\Debug\dcpromo.log

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-08-28 09:34 . 2010-08-28 09:32 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-08-28 09:34 . 2010-08-28 09:34 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-28 09:33 . 2010-08-28 09:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 09:32 . 2010-08-28 09:32 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-21 19:51 . 2010-08-21 19:52 -------- d-----w- c:\program files\QuickTime
2010-08-13 05:41 . 2010-08-13 05:40 53632 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-08-13 05:41 . 2010-08-13 05:41 -------- d-----w- c:\program files\Adobe Media Player
2010-08-13 05:41 . 2010-08-13 05:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-08 08:28 . 2010-08-08 08:28 503808 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\msvcp71.dll
2010-08-08 08:28 . 2010-08-08 08:28 499712 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\jmc.dll
2010-08-08 08:28 . 2010-08-08 08:28 348160 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\msvcr71.dll
2010-08-08 08:28 . 2010-08-08 08:28 61440 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-132a0292-n\decora-sse.dll
2010-08-08 08:28 . 2010-08-08 08:28 12800 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-132a0292-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 07:36 . 2006-12-16 08:03 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Ylli
2010-09-03 17:59 . 2010-09-03 17:59 124784 ----a-w- c:\windows\system32\drivers\tsk44.tmp
2010-09-03 17:53 . 2009-01-10 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-01 20:50 . 2009-01-10 13:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 10:31 . 2009-01-23 19:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-28 10:29 . 2009-02-01 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-08-28 09:35 . 2010-05-06 06:39 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 09:34 . 2010-05-06 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-28 09:34 . 2006-08-04 16:35 -------- d-----w- c:\program files\DivX
2010-08-28 09:32 . 2010-05-06 06:39 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-28 09:32 . 2010-05-06 06:39 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-22 09:30 . 2009-02-19 20:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 19:11 . 2008-06-22 21:35 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Oqelys
2010-08-05 20:27 . 2009-06-29 18:18 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Spotify
2010-07-28 17:27 . 2010-07-28 17:27 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Avira
2010-07-27 17:48 . 2008-02-09 09:22 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Ertyk
2010-07-21 19:11 . 2009-06-02 21:33 -------- d-----w- c:\program files\iTunes
2010-07-21 19:06 . 2010-07-21 19:06 -------- d-----w- c:\program files\iPod
2010-07-21 19:06 . 2008-01-12 12:38 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 18:55 . 2010-07-21 18:55 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-09 22:54 . 2010-07-09 22:54 -------- d-----w- c:\program files\7-Zip
2010-07-09 22:54 . 2010-07-09 22:54 -------- d-----w- c:\program files\PriceGong
2010-07-09 22:53 . 2010-07-09 22:53 -------- d-----w- c:\program files\alot
2010-06-30 12:31 . 2003-11-25 09:22 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 09:23 . 2010-06-26 09:23 439816 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:10 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2004-02-06 17:05 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-11-25 09:22 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-11-25 09:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-11-25 09:22 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-11-25 10:39 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-11-25 09:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 10:47 . 2010-06-06 10:47 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 10:47 . 2010-06-06 10:47 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 10:47 . 2010-06-06 10:47 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2005-01-27 09:16 . 2005-01-27 09:16 0 -c--a-w- c:\program files\gditst
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:47 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-09-19 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"SigmaTel StacMon"="c:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2003-11-18 135168]
"DSL Connection Manager"="c:\program files\INTEL\DSLSetup\ProDsl.exe" [2002-05-10 65536]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 820736]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [30/10/2002 15:10 71961]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/04/2010 19:44 135336]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [25/07/2006 08:42 63555]
S2 P32LOAD;Intel(R) AnyPoint(R) 3240 USB Modem Firmware Loader;c:\windows\system32\drivers\p31usbld.sys [14/06/2004 20:51 18906]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [25/07/2006 08:42 114616]
S3 G3GCUMDM;G3G C USB Modem;c:\windows\system32\drivers\g3gcumdm.sys [10/03/2004 18:14 25856]
S3 G3GCUSER;G3G C USB Serial;c:\windows\system32\drivers\g3gcuser.sys [10/03/2004 18:14 22656]
S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [25/11/2003 12:29 187136]
S3 PRO3200P;Intel(R) USB ADSL Modem;c:\windows\system32\drivers\p32d2kp.sys [27/04/2002 05:23 530785]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [29/03/2009 12:20 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [29/03/2009 12:20 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [29/03/2009 12:20 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [29/03/2009 12:20 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [29/03/2009 12:20 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [29/03/2009 12:20 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [29/03/2009 12:20 109736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DCFS2K
*NewlyCreated* - IKANLOADER2
*NewlyCreated* - P32LOAD
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-09-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\leigh.donnor\Application Data\Mozilla\Firefox\Profiles\wcviy61n.default\
FF - plugin: c:\documents and settings\leigh.donnor\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{E6C97FF2-5120-01E8-524C-811964561CEB} - c:\documents and settings\leigh.donnor\Application Data\Foaq\atsa.exe
HKLM-Run-adiras - adiras.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 09:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-04 09:18:08
ComboFix-quarantined-files.txt 2010-09-04 08:17

Pre-Run: 7,876,513,792 bytes free
Post-Run: 9,484,341,248 bytes free

- - End Of File - - 9952A99A46B7861EA07A88C1A7CB8420
jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
04-Sep-2010, 08:35 AM #11
Hi

Hopefully you're now able to work from Normal Mode. If not, then boot your computer to Safe Mode with Networking. This will give you internet access & should allow you to install the Recovery Console when we run ComboFix again.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

ALOT Toolbar
PriceGong 2.1.0


If some programs listed are not present, please do not panic

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
http://forums.techguy.org/virus-other-malware-removal/946290-malware-cannot-run-download-spybot.html
DirLook::
c:\documents and settings\leigh.donnor\Application Data\Ylli
c:\documents and settings\leigh.donnor\Application Data\Oqelys
c:\documents and settings\leigh.donnor\Application Data\Ertyk
c:\program files\gditst
Collect::
c:\windows\system32\drivers\tsk44.tmp
Folder::
c:\program files\PriceGong
c:\program files\alot
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
DDS::
uStart Page = about:blank
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: NameServer = 93.188.163.182,93.188.166.182
TCP: {267D7B48-89C1-4D67-9BA6-5E4328B78FAC} = 93.188.163.182,93.188.166.182
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Could you also run Rootkit Unhooker again (same as before) & post the log.

To post in next reply:
ComboFix log
Rootkit Unhooker log
Update on how the computer is running
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
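As an added example (not code from the thread, from ComboFix or from its author), here is a small Python check that reads the "Supplementary Scan" section of a ComboFix log, the same section the CFScript above targets under `DDS::`, and flags DNS resolvers that are not on an expected list, alongside the Trusted Zone and start-page entries. The sample log lines are constructed to mirror this thread's log; the `EXPECTED_DNS` list is an assumption standing in for the resolvers the machine's owner or ISP actually configured.

```python
"""Flag DNS, Trusted Zone and start-page entries in a ComboFix 'Supplementary Scan'.

Added example, not ComboFix's own code. It parses the 'TCP: NameServer',
'TCP: {interface GUID}', 'Trusted Zone:' and 'uStart Page' lines that ComboFix
prints and compares every DNS server against an administrator-supplied
allow-list. A resolver the owner never configured is the kind of entry a
helper would list under DDS:: in a CFScript for removal.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines modelled on the Supplementary Scan in this thread.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
Trusted Zone: sony-europe.com
Trusted Zone: vaio-link.com
TCP: NameServer = 93.188.163.182,93.188.166.182
TCP: {267D7B48-89C1-4D67-9BA6-5E4328B78FAC} = 93.188.163.182,93.188.166.182
"""

# Assumption for the example: the resolvers this machine is expected to use
# (typically the router or the ISP's servers). Replace with the real ones.
EXPECTED_DNS = ["192.168.1.1"]

# 'TCP: NameServer = a,b' (global) or 'TCP: {GUID} = a,b' (per interface).
_NS_RE = re.compile(r"^TCP:\s*(NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
_TZ_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
_START_RE = re.compile(r"^uStart Page\s*=\s*(.+)$")


def parse_supplementary(log_text: str) -> Dict[str, object]:
    """Collect nameservers per key, IE Trusted Zone hosts and the IE start page."""
    nameservers: Dict[str, List[str]] = {}
    trusted: List[str] = []
    start_page = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _NS_RE.match(line)
        if m:
            key, servers = m.group(1), m.group(2)
            nameservers[key] = [s.strip() for s in servers.split(",") if s.strip()]
            continue
        m = _TZ_RE.match(line)
        if m:
            trusted.append(m.group(1))
            continue
        m = _START_RE.match(line)
        if m:
            start_page = m.group(1).strip()
    return {"nameservers": nameservers, "trusted_zones": trusted, "start_page": start_page}


def unexpected_dns(parsed: Dict[str, object], expected=EXPECTED_DNS) -> List[str]:
    """Return one finding per DNS server that is not in the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings: List[str] = []
    for key, servers in parsed["nameservers"].items():
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                # ComboFix prints exactly what the registry holds; a non-address
                # value is itself worth reporting rather than silently skipping.
                findings.append(f"{key}: unparseable DNS entry {s!r}")
                continue
            if addr not in allowed:
                findings.append(f"{key}: DNS server {s} not in expected list")
    return findings


if __name__ == "__main__":
    result = parse_supplementary(SAMPLE_LOG)
    for finding in unexpected_dns(result):
        print(finding)
    print("Trusted zones:", result["trusted_zones"])
    print("Start page:", result["start_page"])
```

Run against the constructed sample it reports all four resolver entries (two on the global `NameServer` key, two on the interface GUID) as not in the expected list, which is the same set of lines the CFScript removes under `DDS::`. The Trusted Zone and start-page values are returned rather than judged, since whether a vendor site belongs in the Trusted Zone is a call for whoever reviews the log.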
Sam Knives
Junior Member with 29 posts.
Join Date: Jan 2009
Experience: Just better than beginner
04-Sep-2010, 12:01 PM #12
Hi,

I had to go to Safe Mode with Networking in order to run ComboFix. Sure enough, this time it was able to connect and download/upload as required.

With respect to performance, the same dialogue box as mentioned prior and the same browser redirects occur.

Both CF log and RKUnhook log follow. Thanks.

ComboFix 10-09-03.02 - leigh.donnor 04/09/2010 15:21:54.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.346 [GMT 1:00]
Running from: c:\documents and settings\leigh.donnor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\leigh.donnor\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\windows\system32\drivers\tsk44.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tsk44.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-08-28 09:34 . 2010-08-28 09:32 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-08-28 09:34 . 2010-08-28 09:34 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-28 09:34 . 2010-08-28 09:34 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-28 09:33 . 2010-08-28 09:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 09:32 . 2010-08-28 09:32 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-21 19:51 . 2010-08-21 19:52 -------- d-----w- c:\program files\QuickTime
2010-08-13 05:41 . 2010-08-13 05:40 53632 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-08-13 05:41 . 2010-08-13 05:41 -------- d-----w- c:\program files\Adobe Media Player
2010-08-13 05:41 . 2010-08-13 05:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-08 08:28 . 2010-08-08 08:28 503808 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\msvcp71.dll
2010-08-08 08:28 . 2010-08-08 08:28 499712 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\jmc.dll
2010-08-08 08:28 . 2010-08-08 08:28 348160 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ddbf547-n\msvcr71.dll
2010-08-08 08:28 . 2010-08-08 08:28 61440 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-132a0292-n\decora-sse.dll
2010-08-08 08:28 . 2010-08-08 08:28 12800 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-132a0292-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 07:36 . 2006-12-16 08:03 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Ylli
2010-09-03 17:53 . 2009-01-10 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-01 20:50 . 2009-01-10 13:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 10:31 . 2009-01-23 19:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-28 10:29 . 2009-02-01 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-08-28 09:35 . 2010-05-06 06:39 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 09:34 . 2010-05-06 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-28 09:34 . 2006-08-04 16:35 -------- d-----w- c:\program files\DivX
2010-08-28 09:32 . 2010-05-06 06:39 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-28 09:32 . 2010-05-06 06:39 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-22 09:30 . 2009-02-19 20:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 19:11 . 2008-06-22 21:35 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Oqelys
2010-08-05 20:27 . 2009-06-29 18:18 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Spotify
2010-07-28 17:27 . 2010-07-28 17:27 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Avira
2010-07-27 17:48 . 2008-02-09 09:22 -------- d-----w- c:\documents and settings\leigh.donnor\Application Data\Ertyk
2010-07-21 19:11 . 2009-06-02 21:33 -------- d-----w- c:\program files\iTunes
2010-07-21 19:06 . 2010-07-21 19:06 -------- d-----w- c:\program files\iPod
2010-07-21 19:06 . 2008-01-12 12:38 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 18:55 . 2010-07-21 18:55 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-09 22:54 . 2010-07-09 22:54 -------- d-----w- c:\program files\7-Zip
2010-06-30 12:31 . 2003-11-25 09:22 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 09:23 . 2010-06-26 09:23 439816 ----a-w- c:\documents and settings\leigh.donnor\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:10 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2004-02-06 17:05 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-11-25 09:22 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-11-25 09:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-11-25 09:22 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-11-25 10:39 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-11-25 09:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-01-27 09:16 . 2005-01-27 09:16 0 -c--a-w- c:\program files\gditst
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\leigh.donnor\Application Data\Ertyk ----


---- Directory of c:\documents and settings\leigh.donnor\Application Data\Oqelys ----


---- Directory of c:\documents and settings\leigh.donnor\Application Data\Ylli ----


---- Directory of c:\program files\gditst ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-09-19 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"SigmaTel StacMon"="c:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2003-11-18 135168]
"DSL Connection Manager"="c:\program files\INTEL\DSLSetup\ProDsl.exe" [2002-05-10 65536]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 820736]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [30/10/2002 15:10 71961]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/04/2010 19:44 135336]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [25/07/2006 08:42 63555]
S2 P32LOAD;Intel(R) AnyPoint(R) 3240 USB Modem Firmware Loader;c:\windows\system32\drivers\p31usbld.sys [14/06/2004 20:51 18906]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [25/07/2006 08:42 114616]
S3 G3GCUMDM;G3G C USB Modem;c:\windows\system32\drivers\g3gcumdm.sys [10/03/2004 18:14 25856]
S3 G3GCUSER;G3G C USB Serial;c:\windows\system32\drivers\g3gcuser.sys [10/03/2004 18:14 22656]
S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [25/11/2003 12:29 187136]
S3 PRO3200P;Intel(R) USB ADSL Modem;c:\windows\system32\drivers\p32d2kp.sys [27/04/2002 05:23 530785]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [29/03/2009 12:20 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [29/03/2009 12:20 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [29/03/2009 12:20 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [29/03/2009 12:20 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [29/03/2009 12:20 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [29/03/2009 12:20 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [29/03/2009 12:20 109736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-09-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 21:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\leigh.donnor\Application Data\Mozilla\Firefox\Profiles\wcviy61n.default\
FF - plugin: c:\documents and settings\leigh.donnor\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 15:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-04 15:32:30
ComboFix-quarantined-files.txt 2010-09-04 14:32
ComboFix2.txt 2010-09-04 08:18

Pre-Run: 9,456,189,440 bytes free
Post-Run: 9,452,593,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 980A7CF707EF71182EAB56D4A1872D3D
Upload was successful




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3117056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 43.64 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8472000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1187840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 43.64 )
0xF82FA000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF8255000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 675840 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8634000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6E0E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7FF2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6F19000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1725000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF8187000 C:\WINDOWS\System32\DRIVERS\ExpasAG.sys 327680 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF18AD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF821F000 C:\WINDOWS\system32\drivers\STAC97.sys 221184 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xF8118000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF87A9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF841C000 C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys 188416 bytes (Conexant Systems, Inc., HSFHWSIS WDM driver)
0xF1CD0000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8607000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEFFA3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF6E7E000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6EF1000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8735000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6ECB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6FA5000 C:\WINDOWS\System32\DRIVERS\EXPORTIT.SYS 151552 bytes (Eastman Kodak Company, Kodak DC File System driver)
0xF81FB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF81D7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF83F9000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6EA9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6DEC000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF86FD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF875B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF877A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF85ED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8170000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 94208 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF86D4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8159000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF1F23000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF1B10000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF844A000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF845E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6F72000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF86C1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF86EB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF15D3000 C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys 73728 bytes (WIBU-SYSTEMS AG, WIBU-KEY Windows NT Kernel Driver)
0xF8798000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8148000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8090000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF88C8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8808000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8898000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF88E8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF2117000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF89B8000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8818000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8858000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF88F8000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8958000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8838000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8978000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8A28000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF88B8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8828000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8968000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF80B0000 C:\WINDOWS\system32\drivers\dcfs2k.sys 40960 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xF87F8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF89A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8868000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF17E5000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF8998000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF89D8000 C:\WINDOWS\System32\DRIVERS\DcCam.sys 36864 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xF8848000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8888000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8988000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF89F8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF0666000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF88A8000 C:\WINDOWS\System32\DRIVERS\SonyPI.sys 36864 bytes (Sony Corporation, Sony Programmable I/O Control Device)
0xF89E8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8AD8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8BE0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8A88000 SISAGPX.sys 32768 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8B08000 C:\WINDOWS\System32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xF8B00000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8A78000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8BF8000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8AB8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8B20000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8B30000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8AA8000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xF8AB0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF8BC0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8AC0000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xF8BD0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8A80000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8B60000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8B70000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8B50000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8AF8000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF8B90000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C10000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8594000 C:\WINDOWS\System32\Drivers\cdrbsvsd.SYS 16384 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xF8C9C000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8CE0000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF1F58000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8C90000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8C14000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8C08000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C0C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7FDE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF1B49000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF8CBC000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8C8C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8D40000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8D32000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8CFC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8D2C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8CF8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8D34000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xF8D36000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8D0E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8D3A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8D1C000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8D28000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8CFA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8E89000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8EE9000 C:\WINDOWS\System32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xF8F4D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8EC2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8DC1000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8DC0000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8300AAF1 ?_empty_? 1295 bytes
!!!!!!!!!!!Hidden driver: 0x830B8E20 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF871D000 WARNING: suspicious driver modification [atapi.sys::0x8300AAF1]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [GCXX.sys]
WARNING: Virus alike driver modification [GTEDG.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [e4usbaw.sys]
WARNING: Virus alike driver modification [VMCUSB.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [adiusbaw.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [Dot4Prt.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
0xF6DEC000 WARNING: Virus alike driver modification [avipbb.sys], 139264 bytes
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [g3grsc.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [PELMOUSE.SYS]
WARNING: Virus alike driver modification [Wibukey2.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [WCMscXP.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [GCXXSC.sys]
WARNING: Virus alike driver modification [GTEDGSC.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [g3gcuser.sys]
WARNING: Virus alike driver modification [g3gruser.sys]
WARNING: Virus alike driver modification [Dot4usb.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [mrv8k50.sys]
WARNING: Virus alike driver modification [g3gcumdm.sys]
WARNING: Virus alike driver modification [mrv8k51.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [g3grumdm.sys]
WARNING: Virus alike driver modification [bcmwl5.sys]
WARNING: Virus alike driver modification [gtwl5.sys]
WARNING: Virus alike driver modification [NWWMUSB.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [SISAGPX.SYS]
WARNING: Virus alike driver modification [wceusbsh.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [NETMD031.sys]
WARNING: Virus alike driver modification [NETMD033.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [sonyhcc.sys]
WARNING: Virus alike driver modification [NETMDUSB.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [g3gcpm.sys]
WARNING: Virus alike driver modification [g3grpm.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [adildr.sys]
WARNING: Virus alike driver modification [hpzid412.sys]
WARNING: Virus alike driver modification [uart0.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [GCXXnet.sys]
WARNING: Virus alike driver modification [GTEDGNet.sys]
WARNING: Virus alike driver modification [p32d2kp.sys]
WARNING: Virus alike driver modification [alcawh.sys]
WARNING: Virus alike driver modification [alcan5wn.sys]
WARNING: Virus alike driver modification [WCMVmdXP.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [DcFpoint.sys]
WARNING: Virus alike driver modification [odysseyIM3.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [DcPtp.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [WCMBusXP.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [alcaudsl.sys]
WARNING: Virus alike driver modification [PELUSBlf.SYS]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [DcLps.sys]
WARNING: Virus alike driver modification [acgprsxp.sys]
WARNING: Virus alike driver modification [Dot4Scan.sys]
WARNING: Virus alike driver modification [cfvn4c51.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [WCMLibXP.sys]
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
04-Sep-2010, 01:04 PM #13
Looks as though one of the drivers for your Avira AntiVir has been patched. Probably best to completely uninstall Avira, reboot your computer & re-install it... or try something else:

1) Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
2) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
3) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

Once that's done, can you run Rootkit Unhooker again (same as before) & post the log?

There's more to do, but that will do for the time being. Oh, & that error message you're receiving... Could you give me the exact message?
Thanks
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
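One way to triage an RkU log like the one above and to compare the "before" and "after" captures that jmw3 asks for, as an added example (not code from the thread or from the Rootkit Unhooker tool); the two sample logs are constructed excerpts of the posted logs, and the HIGH/MEDIUM/LOW ranking is the script's own heuristic, not an RkU verdict.

```python
"""Triage and before/after diff of Rootkit Unhooker (RkU) logs.

Added example, not code from the thread or the RkU tool; the sample logs are
constructed excerpts of the posts above and the ranking is this script's own heuristic.
"""
import re
from dataclasses import dataclass, field

# Loaded-driver line: "<base> <path or name> <size> bytes (<vendor, description>)"
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")
# Stealth flags: hidden driver, patched driver with jump target, name-only warning
HIDDEN_RE = re.compile(r"Hidden driver:\s+(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes")
SUSPICIOUS_RE = re.compile(r"suspicious driver modification \[([^\]:]+)::(0x[0-9A-Fa-f]+)\]")
VIRUSLIKE_RE = re.compile(r"Virus alike driver modification \[([^\]]+)\]")

@dataclass
class RkuLog:
    drivers: dict = field(default_factory=dict)     # basename -> (base, size, vendor)
    hidden: dict = field(default_factory=dict)      # address -> (name, size)
    suspicious: dict = field(default_factory=dict)  # basename -> jump target address
    viruslike: set = field(default_factory=set)     # basenames from name-only warnings

def basename(path: str) -> str:
    """Last path component, lower-cased, so full paths and bare names compare equal."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_rku(text: str) -> RkuLog:
    log = RkuLog()
    for line in text.splitlines():
        line = line.strip()
        # Warning lines may also begin with a base address, so test them before DRIVER_RE.
        if m := HIDDEN_RE.search(line):
            log.hidden[m.group(1)] = (m.group(2), int(m.group(3)))
        elif m := SUSPICIOUS_RE.search(line):
            log.suspicious[basename(m.group(1))] = m.group(2)
        elif m := VIRUSLIKE_RE.search(line):
            log.viruslike.add(basename(m.group(1)))
        elif m := DRIVER_RE.match(line):
            base, name, size, vendor = m.groups()
            log.drivers[basename(name)] = (base, int(size), vendor or "")
    return log

def triage(log: RkuLog) -> list:
    """Rank findings: hidden code > patched loaded driver > name-only warning."""
    out = []
    for addr, (name, size) in log.hidden.items():
        # A patched driver whose jump target is the hidden region ties the two together.
        patched = [d for d, tgt in log.suspicious.items() if tgt == addr]
        via = f", reached from patched {', '.join(patched)}" if patched else ""
        out.append(("HIGH", f"hidden driver {name} at {addr} ({size} bytes){via}"))
    for drv, tgt in log.suspicious.items():
        if tgt not in log.hidden:
            out.append(("HIGH", f"{drv} patched, target {tgt} not in hidden list"))
    for drv in sorted(log.viruslike & set(log.drivers)):
        out.append(("MEDIUM", f"{drv} is loaded and flagged as modified"))
    if unloaded := log.viruslike - set(log.drivers):  # nothing loaded to compare against
        out.append(("LOW", f"{len(unloaded)} flagged names not in the loaded-driver list"))
    return out

def diff_logs(before: RkuLog, after: RkuLog) -> dict:
    """What a reinstall/reboot cleared or introduced, and what merely moved in memory."""
    out = {}
    for key in ("hidden", "suspicious", "viruslike"):
        b, a = set(getattr(before, key)), set(getattr(after, key))
        out[key + "_cleared"], out[key + "_new"] = sorted(b - a), sorted(a - b)
    # The same driver at a different base address is expected after a reboot, not a finding.
    out["relocated"] = sorted(d for d in before.drivers if d in after.drivers
                              and before.drivers[d][0] != after.drivers[d][0])
    return out

# Constructed excerpts of the two logs posted above (before and after the Avira reinstall).
BEFORE_LOG = r"""
>Drivers
==============================================
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6DEC000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF8D40000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
!!!!!!!!!!!Hidden driver: 0x8300AAF1 ?_empty_? 1295 bytes
==============================================
>Stealth
==============================================
0xF871D000 WARNING: suspicious driver modification [atapi.sys::0x8300AAF1]
WARNING: Virus alike driver modification [sonypvs1.sys]
0xF6DEC000 WARNING: Virus alike driver modification [avipbb.sys], 139264 bytes
"""
AFTER_LOG = r"""
>Drivers
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF0FB4000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF8D1E000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
>Stealth
WARNING: Virus alike driver modification [sonypvs1.sys]
"""

if __name__ == "__main__":
    before, after = parse_rku(BEFORE_LOG), parse_rku(AFTER_LOG)
    print(*(f"[{lvl}] {msg}" for lvl, msg in triage(before)), sep="\n")
    print(*(f"{k}: {v}" for k, v in diff_logs(before, after).items()), sep="\n")
```

Running it on the full logs in the thread (paste each into the two strings) lists the atapi.sys patch and its hidden target first, the loaded Avira driver second, and only then the long run of name-only warnings.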
Junior Member with 29 posts.
 
Join Date: Jan 2009
Experience: Just better than beginner
04-Sep-2010, 02:16 PM #14
Okay, I have removed AntiVir and reinstalled it, and run RKUnhook again; the log is below. Performance seems improved. I've done four or five searches and seem unable to get the redirects I was getting before. Also the dialogue message I got before isn't appearing. From memory it informed me that IE had a run script error at a certain point and asked if I wanted to keep running the script or not. I was not using IE at any point when it appeared.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3117056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 43.64 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8472000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1187840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 43.64 )
0xF82FA000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF8255000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 675840 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8634000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6E0E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7FF2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6F19000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF22C8000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF8187000 C:\WINDOWS\System32\DRIVERS\ExpasAG.sys 327680 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF240F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF821F000 C:\WINDOWS\system32\drivers\STAC97.sys 221184 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xF8118000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF87A9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF841C000 C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys 188416 bytes (Conexant Systems, Inc., HSFHWSIS WDM driver)
0xF24A0000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8607000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6E7E000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6EF1000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8735000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6ECB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6FA5000 C:\WINDOWS\System32\DRIVERS\EXPORTIT.SYS 151552 bytes (Eastman Kodak Company, Kodak DC File System driver)
0xF81FB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF81D7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF83F9000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6EA9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF0FB4000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF86FD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF875B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF877A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF85ED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF871D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6DCE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8170000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 94208 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF86D4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8159000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF0F9F000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF21C3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF844A000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF845E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6F72000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF86C1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF86EB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF20E9000 C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys 73728 bytes (WIBU-SYSTEMS AG, WIBU-KEY Windows NT Kernel Driver)
0xF8798000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8148000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8908000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF88C8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8808000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8898000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF88E8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF24ED000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF89B8000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8818000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8858000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF88F8000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8958000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8838000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8978000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8A28000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF88B8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8828000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8968000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8A58000 C:\WINDOWS\system32\drivers\dcfs2k.sys 40960 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xF87F8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF89A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8868000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF2347000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF8998000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF89D8000 C:\WINDOWS\System32\DRIVERS\DcCam.sys 36864 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xF8848000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8888000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8988000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF89F8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF1781000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF88A8000 C:\WINDOWS\System32\DRIVERS\SonyPI.sys 36864 bytes (Sony Corporation, Sony Programmable I/O Control Device)
0xF89E8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8AD8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8BE0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8A88000 SISAGPX.sys 32768 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8B08000 C:\WINDOWS\System32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xF8B00000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8A78000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8BF8000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8AB8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8B20000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8B30000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8AA8000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xF8BC0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8BE8000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xF8BD0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8A80000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8B60000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8B70000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8B50000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8AF8000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF8AC8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C10000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8594000 C:\WINDOWS\System32\Drivers\cdrbsvsd.SYS 16384 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xF8C9C000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8CE0000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2765000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8C90000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8C14000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8C08000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C0C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF80F8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF240B000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF8CBC000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
Sam Knives
Junior Member with 29 posts.
Join Date: Jan 2009
Experience: Just better than beginner
04-Sep-2010, 05:56 PM #15
I'm afraid I leave for a week's holiday early tomorrow morning. Is it possible the thread can be kept open so we can finish this off in a week's time? I was hoping we could get the all clear before this; please don't think I'm wasting your time. I'm very grateful for all your help. I hope we can sort it on my return.

Sam